Drupal has published a security advisory highlighting vulnerabilities in the following products on September 13, 2023. It is recommended that you take the necessary precautions by ensuring your products are always updated.
Mail Login versions prior to 8.x-2.8
For more information on this update, you can follow this URL: Drupal Mail Login – Critical Access bypass
The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary.
PDF Download: Drupal Security Advisory.pdf
References
Security advisories. (September 13, 2023). Retrieved from Drupal.
https://www.drupal.org/security
Drupal security advisory. (September 14, 2023). Retrieved from Canadian Centre for Cyber Security.
https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av23-557